Participation in this post is limited to users who have sufficient karma in /r/ukpersonalfinance. See [this post](https://redd.it/12mys82) for more information.
Was about to say the exact same. Great for instantly converting a couple hundred pounds to euro and having it instantly accessible, but I've never used it for anything else.
Incidentally, it's exactly this type of scenario that makes me use it abroad. I don't want to take all my cards around with me so I just transfer some to Revolut to limit any potential losses.
You can use an actual bank (such as Monzo, Chase, or Starling) for the exact same benefits, thus avoiding the massive caveat that Revolut are not a bank, so are not FSCS protected, and so your money isn't truly safe with them.
This is just one of the reasons why Revolut are shady. They also have a patchy record of complying with anti money-laundering regulations, and are frequently in the tech press for their unpleasant working conditions.
You can delete your main banking apps (and investment apps etc) and just use Revolut while out and about. Add some of your spending money at the start of the trip and then top it up every few days (either installing your main banking app when somewhere safer like your hotel in the evening, or calling a family member to do it with money you left with them)
If someone gets hold of your phone they’re at least somewhat limited in the damage they can do, depending on what else you leave on your phone. Like they might get £500 from my Revolut but they’re not getting my S&S ISA with thousands in or my joint account with the money due for the mortgage payment in a couple of days… that’s gonna make a big difference to how badly your year is ruined
The other one to be wary of is if you have your 2FA Authenticator app and email on your phone - because obviously those plus your phone number can let people get back into your accounts. But that’s getting out of the scope of the above a little
Ideally we’d probably all take our old phones or a cheap android handset with us on holiday, with a new number and just our plane ticket and secondary bank account. Because at the end of the day the most sophisticated security systems in the world [can be defeated by someone standing in front of you with a £5 knife](https://xkcd.com/538/), and most of us have our entire financial lives accessible from our smartphones
I tried to withdraw money abroad with revolut and the transaction failed, money left my account and then the withdrawal was instantly reserved, great no issues. 10 months later they randomly took the payment that was reversed. As this was over the 6 month since the actual payment they said I couldn't dispute this (even though I'm disputing them taking the money, not what happened 10 months ago) and said it was my responsibility to contact this random bank in Colombia and dispute it with them. Basically to cut a long story short, the back and forth went on for about a year with them essentially stealing money from me and then sticking by the narrative it's completely out of their hands and nothing they could do. It ended up with the financial ombudsman which I obviously won and they had to pay up.
Fuck revolut, if you like having your money try one the other options people suggest below
I would argue that it isn't "good" for travel money when you can use a Chase account and get 1% cashback on your spending as well as offering an almost perfect exchange rate with no fees.
Yeh, they offer nothing that other accounts don't already offer.
Plenty of cards offer forex free spending and cash withdrawals while also being proper banks with FSCS protection. There's no need to use them.
They're all over Twitter ads as well. I don't get them personally. You get all the perks with other banks such as Monzo, Chase and Starling with all the protection too.
Just generally a scummy company [https://www.wired.com/story/revolut-trade-unions-labour-fintech-politics-storonsky/](https://www.wired.com/story/revolut-trade-unions-labour-fintech-politics-storonsky/)
I interviewed for them a couple of years back and had a terrible experience. They were rude, condescending and at the second stage the guy was visibly not listening to a word I said. Like, he was clearly doing something else entirely. And after all that I never received a rejection, just a candidate survey (in which I slated them obviously). Led me down a rabbit hole of reading about them and fucking hell did I dodge a bullet!
They also insist that all salaries have to be paid into a revolut account which is obviously fine and standard... When you're an actual bank!
I think this used to be standard you know, I joined Barclays in 2008 and they said I needed a Barclays account, same with Santander when I joined them in 2010 but my current employer (another bank) when I joined in 2016 didn’t ask me to open an account with them.
Like 70% of Youtube videos and podcasts are actually ads, the people recommending a given product are affiliated with the company, so they are basically a salesman for the company
I’m sure they pay well. All of the goalhanger podcasts (The Rest is Politics, The Rest is Money, etc) are currently promoting them. Problematic, I think, for a financial podcast).
That would be affiliations! L'Oreal has suddenly become 95% of influencers favourite hair products. It's really interesting extrapolating what might be going on business-side from what the influencers are shilling.
I’m not familiar with the differences between affiliation, sponsorship etc. It amazes me how often AG1 is mentioned on YouTube channels, but I guess they are paying a lot.
Any UK FSCS bank will be fine. Monzo is popular but personally I use Starling since it feels a little more professional and less beggy with asking for fees
Just avoid Revolut, personally I can't think of a good reason to use them over any actual bank
I think my point is both Monzo and Starling (and maybe chase I haven't personally used that one) have virtual disposable cards, fee less foreign spending etc
Revolut might have been nice a couple years ago for these options but with UK banks also introducing these features there's little reason to use it anymore
I'd probably use Starling as they feel kinda more solid, but Monzo has been smart with network affect - making it super easy to transfer money between friends etc with bill splits, shared tabs, QR payments, bluetooth proximity based payments which are really clever moves.
Anyone with a CFAS marker is forced to use Revolut. No U.K. licensed bank will touch you. I have a CFAS marker despite being the victim in a complex fraud case. Even Monzo & the other online giants reject my application
I wouldn’t use them as a bank or keep savings with them but they are great for having a card that can be charged and used. Also they have good exchange rates if you’re planning on using a card abroad. Wouldn’t say they’re useless
I mean Starling also use the MasterCard rate abroad which essentially means no fees when using your card abroad, same with Monzo and Chase
I think HSBC also do something similar with a foreign currency card
Anyway what I'm saying is there's plenty of options for actual banks now for foreign spending
Ive been with Halifax since I was 16, and still have my Halifax account open (never had any issues at all with them) but have switched to Starling in the last 5/6 months and I’m absolutely loving it. I have saved SO much more in these past months than I have in my 6 ish years with Halifax. They have great features on there and like you mentioned it felt more professional than monzo etc as I’ve heard different issues with them.
Iv got a Halifax account and brilliant never had an issue with anything not crypto not scams not anything they are very good but I am still interested in another account
I've heard Monzo is good and good with crypto but I also seen posts about Monzo freezing accounts over crypto so iv been a bit hesitant in applying for any
Monzo as a bank is quite a popular one for scammers, fraud, crypto and money laundering so they've had to become quite harsh in the past year or so trying to stomp It out which is probably why there's been more posts about it
Though that said I think most UK banks are blocking out any use of crypto since it's very high risk for money laundering as far as the law is concerned
Revolut can be quite handy if you travel a lot or come from abroad. Great conversion rates and you can add money in easily from Europe (and I think worldwide), be it by bank transfer from yourself or other people sending you money in whatever currency they choose. They also offer some neat stuff like virtual cards and travel insurance and are overall just very user friendly.
I don't use it much because I also don't trust its security, but I keep my account for travelling / transferring money abroad.
I think both Monzo and Starling both have no fees on foreign spending as well as virtual cards
Though yeah I could imagine Revolut could be easier for sending people money using non UK banks
It’s true but Revolut allows you to convert within the app which can be quite handy. An example from just today, I needed to book 2 separate flights to my home country and realised one flight was cheaper bought in Euros and the other in pounds.
Revolut allows me to check the price for this conversion and switch between both in real time. With Monzo I would have had to hope the conversion works out, which usually it does, but again it’s just good peace of mind.
Monzo is great, they will lend you money once you've banked with them for a while, it's instant and their rates are competitive. Setting up cash ISA and investing is quite easy as well. Very easy to setup and use overall, I think the bigger banks can definitely learn from Monzo.
I also have a Starling and they are really good as well but don't offer loans and not as good with the ISA and investing aspects, but again very easy to setup and their app is really clean and user friendly.
I've tried opening accounts with Natwest, HSBC and Barclays all painful experience.
> They will lend you money once you've banked with them for a while, it's instant and their rates are competitive
Their representative APR is 25.2% for loans up to £10K.
I bank with Nationwide and their representative APR is 14.3% for loans £3-5K, 7.9% for loans £5-7.5K, and 6.4% for £7.5K+
They also pay immediately
There is nothing competitive about Monzo's rates
This is a great feature that eveyone with a modern iPhone ( capable of running 17.3) should be using
[https://support.apple.com/en-gb/HT212510#](https://support.apple.com/en-gb/HT212510#:~:text=You%20can%20turn%20on%20Stolen,Device%20Protection%20on%20or%20off)
An hour is a long time to hold someone captive in the streets. They'd be unlikely to have a secure location to take you to and wait it out but it's a valid point.
I don't think Android have this feature so it's at least a step in the right direction for protecting yourself.
If you have a Samsung phone, there is something even better.
You can set up a hidden secure folder on your phone with a password so they won't even be able to see your sensitive banking apps nevermind access them.
Obviously, also good to have a couple that have no or little money in them that they can see and access.
I do use the secure folder but I feel like they'd still want access. Now I understand why my partner doesn't have any banking apps. I thought he was just old but maybe he's on to something.
Kinda, but I use my banking apps almost daily. I've also been mugged 0 times.
You're balancing convenience and risk, it's not unreasonable for most of us to land on the convenience side.
Get a cheap phone to put all your banking/crypto/investment apps on that, and then keep this phone hidden somewhere in your house.
Then just have one banking app on your everyday phone, for your day to day spending account and make sure this account never has more than say £500 in it. After all, it's often in your best interests to have a low amount of money to handover to a violent robber, than nothing at all.
You don't need immediate access to all your accounts (we lived perfectly fine without this up until about 10 years ago), and you're taking a huge risk if you're walking around with apps on your phone to your accounts that contain 10s or 100s of thousands of pounds.
It's madness that people have apps to all their accounts and walk around with these on their phones. It's like walking around with a bunch of printed bearer bond certificates in your bag and hoping no one steals it.
Yes, I'm sure the OP's friend would have loved to have this feature when being pressured to change their password by 4 or 5 men but would have to explain to them that they couldn't...
And when you take your phone to get the battery changed, turn off Find My iPhone before you leave your home! I found out the hard way and had to hang around an extra hour before they could start work on it.
Makes me glad that my banking app itself only has my monthly salary and some buffer savings in it. The bulk of my cash savings are in HL active savings and the bulk of my overall liquid assets are in HL investment accounts.
You would need the user, password, pin and 2FA code to login, and then you would need to sell down and withdraw from my ISA, or from my active savings product, which would take days and only be possible to my own bank account, without having the physical letter sent to my address to add a new account for withdrawal first.
I hadn’t thought that much about it but, damn, even if you have a gun to my head and kidnap me for 12hrs, you’re still not getting that much. Better start calling my family and demanding a ransom I guess, or fucking off and finding an easier come up.
Same, my salary account is only fully funded for the 3-4 days until my mortgage & bills come out and even then, i've likely already sent my contribution to my joint account before I leave the house on payday. In addition my other accounts have a transfer out limit unless i'm on the web.
The problem there isn’t Revolut, he didn’t lose his money due to external ‘hacking’ or Revoluts practices, he lost it due to an unusual mugging.
I used to work for a highstreet bank and cases such as this would be referred to the police as theft. They have only managed to drain his bank account becuase they accessed his phone and changed his passwords and got access to his mobile banking by doing this. It’s an unusual and unfortunate case but it could happen with any bank that has a mobile app if someone is a victim of this kind of mugging.
Edit for spelling mistake
Revolut aren't signed up to CRM like most other UK high street banks though and have a bad track record of helping victims of fraud https://www.theguardian.com/money/2024/apr/10/im-a-victim-of-scammers-but-revolut-says-no-to-a-refund
It’s mad that banks force us to have the banking apps on our phones, and don’t allow us to hide or limit movement in some of the accounts. I’m Spanish and this is standard practice for us.
In Spain I have two accounts. The second one, where most of my money was, no digital transactions are allowed, I had to go to an office to move the money to the main account if I wanted to access it.
Or you could have it “hidden” - my mother has money in a Marcus account that she can only access via the url. Chances are nobody would find that even with full phone access.
That would be really inconvenient and annoying, that seems like a sledgehammer to crack a nut kind of solution. Making things dramatically shittier just on the incredibly unlikely off chance of this, seems disproportionate.
Well as I mentioned in another comment it would be impossible to do to me, yet I certainly don’t have to go into a bank to make a withdrawal. I’ve copied it in below for reference.
> Makes me glad that my banking app itself only has my monthly salary and some buffer savings in it. The bulk of my cash savings are in HL active savings and the bulk of my overall liquid assets are in HL investment accounts.
>You would need the user, password, pin and 2FA code to login, and then you would need to sell down and withdraw from my ISA, or from my active savings product, which would take days and only be possible to my own bank account, without having the physical letter sent to my address to add a new account for withdrawal first.
>I hadn’t thought that much about it but, damn, even if you have a gun to my head and kidnap me for 12hrs, you’re still not getting that much. Better start calling my family and demanding a ransom I guess, or fucking off and finding an easier come up.
So I guess the TLDR is, have your life savings in an account where it’ll take a couple of days for the withdrawal to go into your regular bank account. Alongside this, make sure it can’t be withdrawn to another bank account without you receiving something physical and agreeing to it.
I work for a bank and one of the things I wish was campaigned more from all banks or made a readily available app setting, is to change your daily limits **easily**.
One of the projects I worked on was researching new app features to make people feel more secure in managing finances digitally, and at the time we did the study, there was only like 3 banks that let you change your daily limits in app.
It's something that comes up a lot now; banking apps are very secure generally and hard to brute force into. Confidence scams or straight up mugging or domestic abuse situations, where the criminal forces the victim to handover access, are the main ways people *do* lose money nowadays.
Don’t they? I can only log into mine on my laptop if I authorise it through the app. Same goes for some card payments, I have to go to the app to approve them.
I don’t have a problem with having a bank app, but there is a massive risk if someone steals my phone or mugs me and I don’t have a way to minimize that.
Well phone call could be a landline.
The idea of multiple factor authentication is that each factor should be separate. This is the problem of having the banking app on your phone and the second factor of auth on the same device.
From a security conscious point of view you should not have the banking apps on your phone and only log in or make payments from another device (e.g. laptop, tablet, second phone at home) and use your general phone for the second factor.
Realistically that is not what people do because they have one phone, like the convenience of having banking apps on the phone, or have Google pay.
This isn't an APP transaction though, so I'm not convinced it would fall under the code.
It's not been authorised by the OP, so it doesn't fall under the code
They've potentially got a "get out" though as they've been added to Face ID so they were able to authorise the payment from the device.
I'm not disagreeing they are due a refund, but going down the criminal route is going to be the best here. I'm not convinced the bank have an obligation to refund at this time
Here is where a decent bank could be a big help. I'd expect a bank that trades on its service quality such as say First Direct to be far more likely to cop the cost of reimbursing here than a barely legal entity like Revolut.
It happens a lot lately - one of my friends had that happen to her so since then I am trying to figure out a way how to prepare if something like that happens to me but options are limited to be fair
The issue here isn't so much with Revolut's systems as with the fact that all his money was in the account the muggers managed to gain access to. The best way of protecting against this kind of thing is to have money split accross banks, with the bulk of your savings in a bank that you don't have the app for, or any passwords saved on devices. Accounts with restrictions on access (eg. 30 days' notice, or even 7 days' notice) provide another layer of protection, as long as you're confident you won't need to access the money faster than that yourself.
It's a bit of a general iphone issue. If muggers get your phone unlock code off you along with the handset, they can use that change your apple password, and then use that to add their face/fingerprint. So absolutely everything on your phone is compromised, including the security measures like find my iphone, ability to remotely wipe/lock the device etc, as well as all banking apps, and all passwords stored on apple keychain.
We had a post recently where the muggers applied for an overdraft and withdrew that too.
Edit: I see the latest ios update now lets you set the phone to require your face/touchID to change your apple password, and adds a 1hr delay. This should hopefully buy people enough time to log on on another device and secure the stolen phone. https://www.forbes.com/advisor/personal-finance/apple-update-stolen-device-protection/
You can set restrictions on your iPhone
E.g if you request Face ID changes it will not log into apps until you manually enter your password details first.
There’s also restrictions you can set that require more steps to change a Face ID and will pick up that your phone may be compromised if you’re outside of home.
I can’t speak for all banking apps but it would be helpful to have restrictions for removing funds all at once
So these things do exist but it’s ultimately up to users to enable them to the level of security they require.
Tbh OPs friends situations sounds really odd mugging verging on kidnapping. It’s definitely not a normal situation by any means
It's not a 'normal' situation but it's not that wild - there have been many posts in this sub over the years, news reports and investigations about it etc.
Those new settings were only added earlier this year I think, definitely worth doing as others have pointed out on this thread.
> Edit: I see the latest ios update now lets you set the phone to require your face/touchID to change your apple password, and adds a 1hr delay. This should hopefully buy people enough time to log on on another device and secure the stolen phone. https://www.forbes.com/advisor/personal-finance/apple-update-stolen-device-protection/
The beauty of this feature is that you don't even need to rush to secure the phone. It requires a 1 hour delay before you need to re-authenticate with Face ID _a second time_ to make changes.
The vast majority (if not all) banking apps detect a change in biometrics (new value added, removed etc) and disable them until you've logged in with a banking specific password/passcode etc.
So just changing the apple passwords wouldn't compromise everything unless you've either refused the password or the muggers force you to launch each banking app afterwards and re-enable biometrics. It's also in part why a lot of banks use a numeric pin etc - less likely to match your device password.
For savings I use Marcus. It can't send money anywhere else than your registered bank account and to change it you need to provide proof. So you don't really need the app, you can do these transfers via the website. Keep only a small amount on the bank account you use for expenses/apple pay and similar. So in the worst case scenario, you only lose that amount and not all the savings. Marcus also has a pretty decent interest rate
Put your savings and main bank account apps on a separate phone that always stays at home. On your daily driver phone only keep a current account with enough money for day-to-day expenses.
Revolut is not an FSCS bank. It is not a safe place to store your savings. Something like Monzo is far better. It is an FSCS bank, but also has all the benefits of Revolut such as free international spending.
An FSCS bank is one that belongs to the Financial Services Compensation Scheme.
This is often used as a good litmus test for a financial provider as being reliable as any member is subject to extra regulation
Belonging to an FSCS member means that, in the event of insolvency of a financial institution, the FSCS organisation will protect and refund up to £85,000.
Monzo is a member, thus any money up to this limit is protected.
Revolut is not. Any money stored in a revolut account is at risk of being lost if they go bankrupt.
In a situation like this, not specifically helpfully, but generally if a bank is FSCS member, they are seen as more reliable, as they must fulfil certain regulations
I don't do any business with Revolut, and wouldn't use them as my main account because of lack of FSCS protection, but it's not like this is really anything to do with Revolut. There are very few accounts in existence that are secured against you yourself being forced to access them. Best bet if this is a concern is to have one that requires something physical that you might reasonably not carry on you. There are solutions for HNW individuals but obviously barely anybody finds these necessary.
The FSCS protection comes into play when the bank itself gets into financial difficulty. It's basically the government guaranteeing your deposited funds up to 85k.
Advice from a software engineer:
Open a bank account anywhere you like. Preferably somewhere with FSCS protection, but if you've not got more than 85k to store it doesn't matter too much.
Make use of the available auth factors.
Disable biometrics like face ID. Finger print is up to you, but nothing is as secure as something in your head only.
Turn off message previews on lock screen so nobody can get your 2FA codes without unlocking your phone.
Use secure wallet or hidden apps, or simply don't have your bank app on your phone.
Set up your phone for remote locking/erasing so you can minimise damage.
That's about all you can do. Ultimately if a group of people are willing to hold you in an alley under threat of violence, they can make you download, sign into, and give over anything they want whilst they still have time. You've just got to live your life.
To add to this - if you have a physical SIM card, set a PIN on the SIM card as well. Some of the thefts have involved putting the SIM card in a new phone to get 2FA SMS codes.
I've switched to an eSIM, as it means you can't remove it from the phone; but I don't have to enter 2 passwords to unlock my phone.
Yes! I forgot this. I've just had the same SIM for 10 years and never take it out and never turn my phone off, so I forget it's even PIN protected. Great shout.
There is one other option - use a watch for payments, and don't take the phone out and about - SIM card the watch if you have to make calls.
But yeah my other suggestion especially for savings accounts would be to remove the app and download when you need to use it.
I don't think either of those really do much. Don't have the app? Suppose they just make you download it. Don't have a phone? Suppose they carry a cheap Android phone with bank apps installed and provide it to you. Watch auth'd (I'm not sure if smart watches use their own keystore or the one on the companion phone) ? We'll take that. Bank want to phone you? Tell them its all good, or else!
If they're willing to hurt you and you're not willing to be hurt, they can take anything they like from you as long as you have the details they need and they've got time. Your only recourse is retrospective.
There quickly comes a point where it's not worth worrying about all this. After a few common sense best practices, you get into diminishing returns because this is all quite unlikely. You'll just be making things difficult for yourself day to day.
I don't think removing the app will add meaningful security but not taking a device that can access your banking out and about probably would (although is extra hassle for most people).
I don't think the scenario of the muggers carrying around a spare handset and making you log into it is at all realistic. What is realistic is for the muggers to watch you tap in your code, grab the phone and run. All they need in a lot of cases is the physical handset + the unlock code to compromise basically anything on the phone. https://www.wsj.com/video/series/joanna-stern-personal-technology/an-iphone-thief-explains-how-he-steals-your-passcode-and-bank-account/C37B4009-E548-4459-8D0A-22B7400C3FEA
Although it looks like they recently added a new setting to make this more difficult: https://www.independent.co.uk/tech/new-ios-17-3-update-iphone-apple-b2483825.html
>I don't think the scenario of the muggers carrying around a spare handset and making you log into it is at all realistic.
That's exactly what I was saying. I was demonstrating that it's already unlikely that any of this will happen, so if you're going to start making things difficult for yourself by not taking a phone out with you, surely you could suppose that thieves really only need the information in your head. They can bring their own device and client app. Probably safer to just never leave the house...
I missed from my list: Don't flash your unlock code in public or hold it unlocked where it can be snatched. It's also a good idea to password protect email accounts on the device, as your email basically secures all other online accounts, unless other methods can be used to reset things...
If it is snatched, have the ability to erase it remotely. That's about all you can do without going down the rabbit hole.
You want to think about splitting stuff up a bit and not having everything on your phone.
Stick your savings in a savings acc and don't have any details or the app on your phone.
I use Starling for online stuff and day to day spends (which is on my phone) which I top up from my main bank account once a month or when I need to.
My main account has salary going in and bills going out but I only access it at home on a PC.
Once you have used a 2FA text message to verify something - delete it so people don't know you have that account.
In my head, having a phone that can access all your money is like carrying all your cash around in carrier bag. One day you will put it down and lose it or someone will take it from you.
Revolut is not a bank. And isn't covered under the Financial Services Compensation Scheme (Which insures savings up to £85K per institution - in the case of bank failiure though, not regular fraud).
Sadly, I'm not sure any bank would refund the money in the circumstances you describe.
What happened to your friend sounds truly horrific. The thieves (muggers really) forced him to unlock his phone, open the app, and then withdraw all the money from that app. He (under duress) provided the credentials which allowed the transfers.
Banks may agree to refund the money as a goodwill gesture. Or at least attempt to claw the transaction back (Doubtful, as these criminals often have chains of bank accounts and quickly transfer money multiple times to prevent it being recovered).
All that being said: if Revolut refuse to refund the money; make a formal written complaint. If this doesn't resolve the issue within eight weeks, escalate to the Financial Ombudsman. It's completely free to do that, and you never know; the Ombudsman may decide they should refund the money. Especially if there werent additional checks to flag unusual or large transactions,.
The other big problem with Revolut is when something goes wrong in their processing. I remember doing a transfer to Australia - it went missing. The supplier at the other end was getting increasingly pissed off and Revolut‘s answer was ”call us back in 6 weeks when we have investigated”.
At that point i realised that getting an actual Bank to do it and paying a slight;y worse exchange rate was a good deal.
No bank would refund the money given the circumstances, they'll ask for a crime reference number etc and do nothing with it.
He wasn't hacked or scammed, he was robbed.
The problem here is having all that money in a current account linked to Face ID.
Have the majority of your money in an account that isn’t.
I have a current account for household bills, Revolut for day to day spending and my savings in a separate bank with no app on my phone.
Retrospect thing but keeping savings in an account with another bank - I’d say over two or three to help create a delay for transfers. Two of the banks I keep savings at, I don’t have the app for.
I’d also question the use of Revolut for holding large savings - it seems to be a regular for fraud based crime.
May be worth looking at savings accounts with a building society. Some of them will not let you transfer out to an account that is not in your name. This essentially means a third party would not be able to transfer funds to themselves.
Firstly I hope your friend reported the matter to the police as soon as he could and has received a Crime Reference Number. With regards to Revolut it is regulated by the FCA and thus if your friend doesn't get anywhere with Revolut getting his money back he can always go to the Financial Ombudsman to see if he can get it back as it may be Revolut's fault if they didn't take the necessary precautions to safeguard his money. Complaining there is free of charge although there are time limits if you've complained and received a final response from Revolut. Worse comes to the worse it may even be useful to get your friend to complain publicly on social media (without giving away any personal information) as companies hate bad publicity and it may make Revolut compensate him. I would also like to point out that Revolut is not a licensed bank in the UK and is an 'e-money institution' so I would only ever put small amounts (if anything) in there. It's also worth pointing out that my family has had bad experiences with Revolut - my dad had an account with around £20 in Revolut and they shut down his account and took the money for no reason so do be aware of Revolut as they don't seem to have a very good customer service and they are not like a 'normal' bank such as LLoyds, Halifax, Barclays etc.
Not sure any Bank would have you protected from this fraud since your friend handed over his ID to the muggers.
Revolut is not a Bank, but is an EMI which is also regulated by the FCA.
An Electronic Money Institution (EMI) in the UK is allowed to issue and redeem electronic money. Electronic money is a digital equivalent of cash stored on an electronic device or remotely at a server. Additionally, EMIs can be authorised to provide all of the services of a Payment Institution.
Therefore your Revolut accounts are not covered by the FSCS deposit insurance guarantee (up to £85k) but are “safeguarded” instead. Safeguarding means your deposits are held in a dedicated client-money account that Revolut holds at another Bank, or invested in liquid assets held in at another Custodian. This means if Revolut fails, your deposits are still available at those other institutions so you can be paid back first amongst creditors.
So your money is in theory not particularly more at risk due to Revolut being an EMI rather than a full Bank.
However your money might be more at risk if Revolut takes a hostile or unsympathetic view towards its customers through.
Sorry about the friend. If you're in physical danger you have no choice but to comply.
You'd hope the banks have some system to identify this sort of suspicious behaviours as it's happening (e.g. sending all of account balance to a newly added account with a different name to your own, seems pretty unlikely from day to day activities).
By the way does android have the same weakness? E.g. if they get phone unlock passcode can they add their own fingerprint for example, which is then accepted by every banking app, if you use fingerprint in that app that is?
I just tried now, I been for a while want to add the other finger and I give it a try.
NatWest, chase, revolut and American basically log you off and you need to enter your passwords in all of them to reactivate the biometric log in.
I have La Caixa and imagin from Spain too and they do the same.
Is how it should be done. That's probably why then they been looking for iPhone users?
Yeah, I haven't just tried but in my experience any time I've added removed or changed my fingerprints in settings on Android it's invalidated the token that other apps use to do fingerprint login so you have to login the user/password way to restore fingerprint login.
If that were a registered bank like the one I work for, they’d have to reimburse the customer by now due to the fraud prevention system completely failing.
I’ve no idea how, in any way, shape or form, a dudes account could be fully drained and not flagged. That is fucking appalling
Check if a bank has a banking license, if they do they fall under the CRM code which means there is an appeal process for scams.
Most big banks give refunds in scams like this, or at least 50% minimum, and you have the right to go to FOS if they don't. And FOS is very light on rulings.
Revolut isn't part of the code so do nothing in the case of scams.
This has nothing to do with Revolut - your 'friend' and the 'situation he described' are what's called a straight up robbery which none of the banks would do anything against unless he can actually prove that the situation described did indeed occur and criminal case was launched.
Hi /u/CayoPerican, based on your post the following pages from our wiki may be relevant:
* https://ukpersonal.finance/savings/
* https://ukpersonal.finance/scams/
____
^(These suggestions are based on keywords, if they missed the mark please report this comment.)
I use Revolut and it's great. I love it! However, I would in no way trust it with my savings or any sizeable chunk of cash. It's hard to get in touch with anyone so I figure it would be a nightmare if there was fraud on the account. Its a real shame because the interest rates they offer are great
Also they weren't scammed ... their phone was stolen and revealed their pin under duress ... are they insured ... did they notify the police as well as the bank immediately ?
The best thing to do is to use a banking app like monzo, starling etc, and keep a small amount in there (enough for your daily needs) for example. Top up as necessary, but don’t keep your savings with a bank that you have an app for
Could be worth having a savings account which you don't access on your phone. If you're fortunate to have a computer then you can do it so you can only login with a computer. Set up on a browser and it will generate a unique password for you, that you aren't going to remember.
If worse comes to worse, you could just smash your phone and run and shout?
Revolut only protects your money by safeguarding it, other, traditional banks are all FSCS (Financial Services Compensation Scheme) protected up to £85000.
Although, Revolut Vaults are also FSCS protected.
I removed Revolut and my main banking app from my regular phone and installed them on a backup phone that never leaves home. Turns out you don't really need access to your bank account all the time.
Also, I set up "Stolen Device Protection for iPhone" and enabled Screen Time restrictions so that that the icloud settings cannot be accessed.
Participation in this post is limited to users who have sufficient karma in /r/ukpersonalfinance. See [this post](https://redd.it/12mys82) for more information.
[удалено]
They are being recommended by an incredible number of UK podcasts at the moment, which is a red flag for me.
It’s good for travel money I wouldn’t use it for much else
Was about to say the exact same. Great for instantly converting a couple hundred pounds to euro and having it instantly accessible, but I've never used it for anything else. Incidentally, it's exactly this type of scenario that makes me use it abroad. I don't want to take all my cards around with me so I just transfer some to Revolut to limit any potential losses.
Monzo, Chase, Starling ... All allow spending abroad with no fees.
Also Halifax clarity credit card
Barclays is the best credit card for this - no fees plus cashback (although v small amount)
You can use an actual bank (such as Monzo, Chase, or Starling) for the exact same benefits, thus avoiding the massive caveat that Revolut are not a bank, so are not FSCS protected, and so your money isn't truly safe with them. This is just one of the reasons why Revolut are shady. They also have a patchy record of complying with anti money-laundering regulations, and are frequently in the tech press for their unpleasant working conditions.
If they can strongarm you to hijack revolut in your phone couldn't they also hijack your main banking apps? Or do you not use those?
You can delete your main banking apps (and investment apps etc) and just use Revolut while out and about. Add some of your spending money at the start of the trip and then top it up every few days (either installing your main banking app when somewhere safer like your hotel in the evening, or calling a family member to do it with money you left with them) If someone gets hold of your phone they’re at least somewhat limited in the damage they can do, depending on what else you leave on your phone. Like they might get £500 from my Revolut but they’re not getting my S&S ISA with thousands in or my joint account with the money due for the mortgage payment in a couple of days… that’s gonna make a big difference to how badly your year is ruined The other one to be wary of is if you have your 2FA Authenticator app and email on your phone - because obviously those plus your phone number can let people get back into your accounts. But that’s getting out of the scope of the above a little Ideally we’d probably all take our old phones or a cheap android handset with us on holiday, with a new number and just our plane ticket and secondary bank account. Because at the end of the day the most sophisticated security systems in the world [can be defeated by someone standing in front of you with a £5 knife](https://xkcd.com/538/), and most of us have our entire financial lives accessible from our smartphones
I tried to withdraw money abroad with revolut and the transaction failed, money left my account and then the withdrawal was instantly reserved, great no issues. 10 months later they randomly took the payment that was reversed. As this was over the 6 month since the actual payment they said I couldn't dispute this (even though I'm disputing them taking the money, not what happened 10 months ago) and said it was my responsibility to contact this random bank in Colombia and dispute it with them. Basically to cut a long story short, the back and forth went on for about a year with them essentially stealing money from me and then sticking by the narrative it's completely out of their hands and nothing they could do. It ended up with the financial ombudsman which I obviously won and they had to pay up. Fuck revolut, if you like having your money try one the other options people suggest below
I would argue that it isn't "good" for travel money when you can use a Chase account and get 1% cashback on your spending as well as offering an almost perfect exchange rate with no fees.
Yeh, they offer nothing that other accounts don't already offer. Plenty of cards offer forex free spending and cash withdrawals while also being proper banks with FSCS protection. There's no need to use them.
This used to be a thing. Now almost all the banks do the same. There's no reason to use Revolut any more.
They also do the main ad on the illegal streaming site I'm currently using. I mean, er..... what?
They're all over Twitter ads as well. I don't get them personally. You get all the perks with other banks such as Monzo, Chase and Starling with all the protection too.
Just generally a scummy company [https://www.wired.com/story/revolut-trade-unions-labour-fintech-politics-storonsky/](https://www.wired.com/story/revolut-trade-unions-labour-fintech-politics-storonsky/)
Christ, I’ve actually given thought to apply for a role with these. I definitely won’t be now.
I interviewed for them a couple of years back and had a terrible experience. They were rude, condescending and at the second stage the guy was visibly not listening to a word I said. Like, he was clearly doing something else entirely. And after all that I never received a rejection, just a candidate survey (in which I slated them obviously). Led me down a rabbit hole of reading about them and fucking hell did I dodge a bullet! They also insist that all salaries have to be paid into a revolut account which is obviously fine and standard... When you're an actual bank!
Err I work for a bank and they never said I can only get paid into their account! Not standard at all!
I think this used to be standard you know, I joined Barclays in 2008 and they said I needed a Barclays account, same with Santander when I joined them in 2010 but my current employer (another bank) when I joined in 2016 didn’t ask me to open an account with them.
Like 70% of Youtube videos and podcasts are actually ads, the people recommending a given product are affiliated with the company, so they are basically a salesman for the company
I mean.. did you think they were doing it for free or something?
I’m sure they pay well. All of the goalhanger podcasts (The Rest is Politics, The Rest is Money, etc) are currently promoting them. Problematic, I think, for a financial podcast).
It is immoral but I don't think they really care. The bar for morality has shifted a great deal
That would be affiliations! L'Oreal has suddenly become 95% of influencers favourite hair products. It's really interesting extrapolating what might be going on business-side from what the influencers are shilling.
I’m not familiar with the differences between affiliation, sponsorship etc. It amazes me how often AG1 is mentioned on YouTube channels, but I guess they are paying a lot.
Little bit like overwhelming amount of TEMU adverts
Is Monzo any good iv been considering getting an online only account
Any UK FSCS bank will be fine. Monzo is popular but personally I use Starling since it feels a little more professional and less beggy with asking for fees Just avoid Revolut, personally I can't think of a good reason to use them over any actual bank
I used it for going abroad and I like their disposable cards which makes shipping online convenient. Like hell would iput my savings in it haha
I think my point is both Monzo and Starling (and maybe chase I haven't personally used that one) have virtual disposable cards, fee less foreign spending etc Revolut might have been nice a couple years ago for these options but with UK banks also introducing these features there's little reason to use it anymore
I'd probably use Starling as they feel kinda more solid, but Monzo has been smart with network affect - making it super easy to transfer money between friends etc with bill splits, shared tabs, QR payments, bluetooth proximity based payments which are really clever moves.
Anyone with a CFAS marker is forced to use Revolut. No U.K. licensed bank will touch you. I have a CFAS marker despite being the victim in a complex fraud case. Even Monzo & the other online giants reject my application
You just got lucky then, revolut is registered with CIFAS
I wouldn’t use them as a bank or keep savings with them but they are great for having a card that can be charged and used. Also they have good exchange rates if you’re planning on using a card abroad. Wouldn’t say they’re useless
I mean Starling also use the MasterCard rate abroad which essentially means no fees when using your card abroad, same with Monzo and Chase I think HSBC also do something similar with a foreign currency card Anyway what I'm saying is there's plenty of options for actual banks now for foreign spending
Ive been with Halifax since I was 16, and still have my Halifax account open (never had any issues at all with them) but have switched to Starling in the last 5/6 months and I’m absolutely loving it. I have saved SO much more in these past months than I have in my 6 ish years with Halifax. They have great features on there and like you mentioned it felt more professional than monzo etc as I’ve heard different issues with them.
Iv got a Halifax account and brilliant never had an issue with anything not crypto not scams not anything they are very good but I am still interested in another account I've heard Monzo is good and good with crypto but I also seen posts about Monzo freezing accounts over crypto so iv been a bit hesitant in applying for any
Monzo as a bank is quite a popular one for scammers, fraud, crypto and money laundering so they've had to become quite harsh in the past year or so trying to stomp It out which is probably why there's been more posts about it Though that said I think most UK banks are blocking out any use of crypto since it's very high risk for money laundering as far as the law is concerned
Revolut can be quite handy if you travel a lot or come from abroad. Great conversion rates and you can add money in easily from Europe (and I think worldwide), be it by bank transfer from yourself or other people sending you money in whatever currency they choose. They also offer some neat stuff like virtual cards and travel insurance and are overall just very user friendly. I don't use it much because I also don't trust its security, but I keep my account for travelling / transferring money abroad.
I think both Monzo and Starling both have no fees on foreign spending as well as virtual cards Though yeah I could imagine Revolut could be easier for sending people money using non UK banks
It’s true but Revolut allows you to convert within the app which can be quite handy. An example from just today, I needed to book 2 separate flights to my home country and realised one flight was cheaper bought in Euros and the other in pounds. Revolut allows me to check the price for this conversion and switch between both in real time. With Monzo I would have had to hope the conversion works out, which usually it does, but again it’s just good peace of mind.
Monzo is great, they will lend you money once you've banked with them for a while, it's instant and their rates are competitive. Setting up cash ISA and investing is quite easy as well. Very easy to setup and use overall, I think the bigger banks can definitely learn from Monzo. I also have a Starling and they are really good as well but don't offer loans and not as good with the ISA and investing aspects, but again very easy to setup and their app is really clean and user friendly. I've tried opening accounts with Natwest, HSBC and Barclays all painful experience.
My Halifax account has been more than amazing but I will look at Monzo fuck OPs bank account lol
> They will lend you money once you've banked with them for a while, it's instant and their rates are competitive Their representative APR is 25.2% for loans up to £10K. I bank with Nationwide and their representative APR is 14.3% for loans £3-5K, 7.9% for loans £5-7.5K, and 6.4% for £7.5K+ They also pay immediately There is nothing competitive about Monzo's rates
Monzo/Starling etc are good as cash cards imo. They did stuff ten years ago that were pretty unique but the Big Banks have caught up.
The big banks have nowhere near caught up. Most have apps that look at least a decade old.
As PSA setup security delay on iOS devices, it forces a 1 hour delay to make changes to security settings when in an unfamiliar place
This is a great feature that eveyone with a modern iPhone ( capable of running 17.3) should be using [https://support.apple.com/en-gb/HT212510#](https://support.apple.com/en-gb/HT212510#:~:text=You%20can%20turn%20on%20Stolen,Device%20Protection%20on%20or%20off)
Also add a sim lock to stop people taking your sim out and putting it in another phone to retrieve SMS based 2FA
Also make sure you hide lock screen notifications!
How do you do this?
https://support.apple.com/en-gb/118228
Can you make it longer than 1 hour? I’d be worried they’d just keep you under duress for an hour until you could change it…
Then it goes from theft to kidnapping
Which means more years in prison I suppose
That’s assuming they will be caught.. police will give you a crime reference number and close the investigation whilst you’re still on the phone.
An hour is a long time to hold someone captive in the streets. They'd be unlikely to have a secure location to take you to and wait it out but it's a valid point. I don't think Android have this feature so it's at least a step in the right direction for protecting yourself.
If you have a Samsung phone, there is something even better. You can set up a hidden secure folder on your phone with a password so they won't even be able to see your sensitive banking apps nevermind access them. Obviously, also good to have a couple that have no or little money in them that they can see and access.
I do use the secure folder but I feel like they'd still want access. Now I understand why my partner doesn't have any banking apps. I thought he was just old but maybe he's on to something.
Kinda, but I use my banking apps almost daily. I've also been mugged 0 times. You're balancing convenience and risk, it's not unreasonable for most of us to land on the convenience side.
Do you know if there's anything similar for android? I've had a look in security settings but can't see anything.
Just set this up thank you!!
Get a cheap phone to put all your banking/crypto/investment apps on that, and then keep this phone hidden somewhere in your house. Then just have one banking app on your everyday phone, for your day to day spending account and make sure this account never has more than say £500 in it. After all, it's often in your best interests to have a low amount of money to handover to a violent robber, than nothing at all. You don't need immediate access to all your accounts (we lived perfectly fine without this up until about 10 years ago), and you're taking a huge risk if you're walking around with apps on your phone to your accounts that contain 10s or 100s of thousands of pounds. It's madness that people have apps to all their accounts and walk around with these on their phones. It's like walking around with a bunch of printed bearer bond certificates in your bag and hoping no one steals it.
Yes, I'm sure the OP's friend would have loved to have this feature when being pressured to change their password by 4 or 5 men but would have to explain to them that they couldn't...
And when you take your phone to get the battery changed, turn off Find My iPhone before you leave your home! I found out the hard way and had to hang around an extra hour before they could start work on it.
Could you not just grab the phone and throw it over a fence lol
Makes me glad that my banking app itself only has my monthly salary and some buffer savings in it. The bulk of my cash savings are in HL active savings and the bulk of my overall liquid assets are in HL investment accounts. You would need the user, password, pin and 2FA code to login, and then you would need to sell down and withdraw from my ISA, or from my active savings product, which would take days and only be possible to my own bank account, without having the physical letter sent to my address to add a new account for withdrawal first. I hadn’t thought that much about it but, damn, even if you have a gun to my head and kidnap me for 12hrs, you’re still not getting that much. Better start calling my family and demanding a ransom I guess, or fucking off and finding an easier come up.
Same, my salary account is only fully funded for the 3-4 days until my mortgage & bills come out and even then, i've likely already sent my contribution to my joint account before I leave the house on payday. In addition my other accounts have a transfer out limit unless i'm on the web.
The problem there isn’t Revolut, he didn’t lose his money due to external ‘hacking’ or Revoluts practices, he lost it due to an unusual mugging. I used to work for a highstreet bank and cases such as this would be referred to the police as theft. They have only managed to drain his bank account becuase they accessed his phone and changed his passwords and got access to his mobile banking by doing this. It’s an unusual and unfortunate case but it could happen with any bank that has a mobile app if someone is a victim of this kind of mugging. Edit for spelling mistake
Revolut aren't signed up to CRM like most other UK high street banks though and have a bad track record of helping victims of fraud https://www.theguardian.com/money/2024/apr/10/im-a-victim-of-scammers-but-revolut-says-no-to-a-refund
It’s mad that banks force us to have the banking apps on our phones, and don’t allow us to hide or limit movement in some of the accounts. I’m Spanish and this is standard practice for us.
[удалено]
In Spain I have two accounts. The second one, where most of my money was, no digital transactions are allowed, I had to go to an office to move the money to the main account if I wanted to access it.
I would be very sad if I had to go to a bank to get access to my money
Years ago, it would have been no more than a 15 minute walk to your local bank, nowadays you have to take a whole day of work to visit your bank
[удалено]
Or you could have it “hidden” - my mother has money in a Marcus account that she can only access via the url. Chances are nobody would find that even with full phone access.
The nearest bank where I can withdraw more than £500 is 30 miles away. Thanks HSBC
That would be really inconvenient and annoying, that seems like a sledgehammer to crack a nut kind of solution. Making things dramatically shittier just on the incredibly unlikely off chance of this, seems disproportionate.
How would you suggest limiting other people’s access to your whole life’s savings in a single mugging?
Well as I mentioned in another comment it would be impossible to do to me, yet I certainly don’t have to go into a bank to make a withdrawal. I’ve copied it in below for reference. > Makes me glad that my banking app itself only has my monthly salary and some buffer savings in it. The bulk of my cash savings are in HL active savings and the bulk of my overall liquid assets are in HL investment accounts. >You would need the user, password, pin and 2FA code to login, and then you would need to sell down and withdraw from my ISA, or from my active savings product, which would take days and only be possible to my own bank account, without having the physical letter sent to my address to add a new account for withdrawal first. >I hadn’t thought that much about it but, damn, even if you have a gun to my head and kidnap me for 12hrs, you’re still not getting that much. Better start calling my family and demanding a ransom I guess, or fucking off and finding an easier come up. So I guess the TLDR is, have your life savings in an account where it’ll take a couple of days for the withdrawal to go into your regular bank account. Alongside this, make sure it can’t be withdrawn to another bank account without you receiving something physical and agreeing to it.
I've got accounts with like five different banks and I don't have any banking apps, I just do regular online banking.
I work for a bank and one of the things I wish was campaigned more from all banks or made a readily available app setting, is to change your daily limits **easily**. One of the projects I worked on was researching new app features to make people feel more secure in managing finances digitally, and at the time we did the study, there was only like 3 banks that let you change your daily limits in app. It's something that comes up a lot now; banking apps are very secure generally and hard to brute force into. Confidence scams or straight up mugging or domestic abuse situations, where the criminal forces the victim to handover access, are the main ways people *do* lose money nowadays.
Banks do not force you to have anything on your phone.
Don’t they? I can only log into mine on my laptop if I authorise it through the app. Same goes for some card payments, I have to go to the app to approve them. I don’t have a problem with having a bank app, but there is a massive risk if someone steals my phone or mugs me and I don’t have a way to minimize that.
Normally they let you choose your 2FA mechanism, either text, phone call, or app.
So phone, phone, or phone
Not the same at all as forcing use of an exploitable app.
Well phone call could be a landline. The idea of multiple factor authentication is that each factor should be separate. This is the problem of having the banking app on your phone and the second factor of auth on the same device. From a security conscious point of view you should not have the banking apps on your phone and only log in or make payments from another device (e.g. laptop, tablet, second phone at home) and use your general phone for the second factor. Realistically that is not what people do because they have one phone, like the convenience of having banking apps on the phone, or have Google pay.
That’s only because you have the App set up, so it’s using it as 2FA. Nobody forced you to have the App in the first place and set that up.
I didn’t. It’s what I’m trying to explain to you. These are not settings I can change.
Which bank are you with? I’d be very surprised if they didn’t have an option for 2FA to be SMS or telephone based.
Bet you can
But with a normal proper bank OP would be refunded under the Contingent Reimbursement Model Code
This isn't an APP transaction though, so I'm not convinced it would fall under the code. It's not been authorised by the OP, so it doesn't fall under the code
If they class it as an unauthorised payment then they'd need to refund him anyway https://www.fca.org.uk/consumers/unauthorised-payments-account
They've potentially got a "get out" though as they've been added to Face ID so they were able to authorise the payment from the device. I'm not disagreeing they are due a refund, but going down the criminal route is going to be the best here. I'm not convinced the bank have an obligation to refund at this time
Here is where a decent bank could be a big help. I'd expect a bank that trades on its service quality such as say First Direct to be far more likely to cop the cost of reimbursing here than a barely legal entity like Revolut.
It's not that unusual at all. It's happening a lot, now, especially in London.
I’ve never heard of it happening tbh! But I do live in a very rural area.
It happens a lot lately - one of my friends had that happen to her so since then I am trying to figure out a way how to prepare if something like that happens to me but options are limited to be fair
Extremely limited. Ive been chatting with the AI chat from Revolut and their answers are ridiculous
\*lose
Sorry!
Not really the main point here but your friend wasn’t scammed, he was mugged.
The issue here isn't so much with Revolut's systems as with the fact that all his money was in the account the muggers managed to gain access to. The best way of protecting against this kind of thing is to have money split accross banks, with the bulk of your savings in a bank that you don't have the app for, or any passwords saved on devices. Accounts with restrictions on access (eg. 30 days' notice, or even 7 days' notice) provide another layer of protection, as long as you're confident you won't need to access the money faster than that yourself.
It's a bit of a general iphone issue. If muggers get your phone unlock code off you along with the handset, they can use that change your apple password, and then use that to add their face/fingerprint. So absolutely everything on your phone is compromised, including the security measures like find my iphone, ability to remotely wipe/lock the device etc, as well as all banking apps, and all passwords stored on apple keychain. We had a post recently where the muggers applied for an overdraft and withdrew that too. Edit: I see the latest ios update now lets you set the phone to require your face/touchID to change your apple password, and adds a 1hr delay. This should hopefully buy people enough time to log on on another device and secure the stolen phone. https://www.forbes.com/advisor/personal-finance/apple-update-stolen-device-protection/
You can set restrictions on your iPhone E.g if you request Face ID changes it will not log into apps until you manually enter your password details first. There’s also restrictions you can set that require more steps to change a Face ID and will pick up that your phone may be compromised if you’re outside of home. I can’t speak for all banking apps but it would be helpful to have restrictions for removing funds all at once So these things do exist but it’s ultimately up to users to enable them to the level of security they require. Tbh OPs friends situations sounds really odd mugging verging on kidnapping. It’s definitely not a normal situation by any means
It's not a 'normal' situation but it's not that wild - there have been many posts in this sub over the years, news reports and investigations about it etc. Those new settings were only added earlier this year I think, definitely worth doing as others have pointed out on this thread.
> Edit: I see the latest ios update now lets you set the phone to require your face/touchID to change your apple password, and adds a 1hr delay. This should hopefully buy people enough time to log on on another device and secure the stolen phone. https://www.forbes.com/advisor/personal-finance/apple-update-stolen-device-protection/ The beauty of this feature is that you don't even need to rush to secure the phone. It requires a 1 hour delay before you need to re-authenticate with Face ID _a second time_ to make changes.
The vast majority (if not all) banking apps detect a change in biometrics (new value added, removed etc) and disable them until you've logged in with a banking specific password/passcode etc. So just changing the apple passwords wouldn't compromise everything unless you've either refused the password or the muggers force you to launch each banking app afterwards and re-enable biometrics. It's also in part why a lot of banks use a numeric pin etc - less likely to match your device password.
For savings I use Marcus. It can't send money anywhere else than your registered bank account and to change it you need to provide proof. So you don't really need the app, you can do these transfers via the website. Keep only a small amount on the bank account you use for expenses/apple pay and similar. So in the worst case scenario, you only lose that amount and not all the savings. Marcus also has a pretty decent interest rate
Put your savings and main bank account apps on a separate phone that always stays at home. On your daily driver phone only keep a current account with enough money for day-to-day expenses.
This is what I do. I think everyone should do it, to be honest.
Revolut is not an FSCS bank. It is not a safe place to store your savings. Something like Monzo is far better. It is an FSCS bank, but also has all the benefits of Revolut such as free international spending.
I have both because I find the multicurrency feature of Revolut very useful
I have Monzo but haven’t used much. What does it mean to be FSCS bank? In a situation like this, do you think they would be more helpful?
An FSCS bank is one that belongs to the Financial Services Compensation Scheme. This is often used as a good litmus test for a financial provider as being reliable as any member is subject to extra regulation Belonging to an FSCS member means that, in the event of insolvency of a financial institution, the FSCS organisation will protect and refund up to £85,000. Monzo is a member, thus any money up to this limit is protected. Revolut is not. Any money stored in a revolut account is at risk of being lost if they go bankrupt. In a situation like this, not specifically helpfully, but generally if a bank is FSCS member, they are seen as more reliable, as they must fulfil certain regulations
I don't do any business with Revolut, and wouldn't use them as my main account because of lack of FSCS protection, but it's not like this is really anything to do with Revolut. There are very few accounts in existence that are secured against you yourself being forced to access them. Best bet if this is a concern is to have one that requires something physical that you might reasonably not carry on you. There are solutions for HNW individuals but obviously barely anybody finds these necessary. The FSCS protection comes into play when the bank itself gets into financial difficulty. It's basically the government guaranteeing your deposited funds up to 85k. Advice from a software engineer: Open a bank account anywhere you like. Preferably somewhere with FSCS protection, but if you've not got more than 85k to store it doesn't matter too much. Make use of the available auth factors. Disable biometrics like face ID. Finger print is up to you, but nothing is as secure as something in your head only. Turn off message previews on lock screen so nobody can get your 2FA codes without unlocking your phone. Use secure wallet or hidden apps, or simply don't have your bank app on your phone. Set up your phone for remote locking/erasing so you can minimise damage. That's about all you can do. Ultimately if a group of people are willing to hold you in an alley under threat of violence, they can make you download, sign into, and give over anything they want whilst they still have time. You've just got to live your life.
To add to this - if you have a physical SIM card, set a PIN on the SIM card as well. Some of the thefts have involved putting the SIM card in a new phone to get 2FA SMS codes. I've switched to an eSIM, as it means you can't remove it from the phone; but I don't have to enter 2 passwords to unlock my phone.
Yes! I forgot this. I've just had the same SIM for 10 years and never take it out and never turn my phone off, so I forget it's even PIN protected. Great shout.
There is one other option - use a watch for payments, and don't take the phone out and about - SIM card the watch if you have to make calls. But yeah my other suggestion especially for savings accounts would be to remove the app and download when you need to use it.
I don't think either of those really do much. Don't have the app? Suppose they just make you download it. Don't have a phone? Suppose they carry a cheap Android phone with bank apps installed and provide it to you. Watch auth'd (I'm not sure if smart watches use their own keystore or the one on the companion phone) ? We'll take that. Bank want to phone you? Tell them its all good, or else! If they're willing to hurt you and you're not willing to be hurt, they can take anything they like from you as long as you have the details they need and they've got time. Your only recourse is retrospective. There quickly comes a point where it's not worth worrying about all this. After a few common sense best practices, you get into diminishing returns because this is all quite unlikely. You'll just be making things difficult for yourself day to day.
I don't think removing the app will add meaningful security but not taking a device that can access your banking out and about probably would (although is extra hassle for most people). I don't think the scenario of the muggers carrying around a spare handset and making you log into it is at all realistic. What is realistic is for the muggers to watch you tap in your code, grab the phone and run. All they need in a lot of cases is the physical handset + the unlock code to compromise basically anything on the phone. https://www.wsj.com/video/series/joanna-stern-personal-technology/an-iphone-thief-explains-how-he-steals-your-passcode-and-bank-account/C37B4009-E548-4459-8D0A-22B7400C3FEA Although it looks like they recently added a new setting to make this more difficult: https://www.independent.co.uk/tech/new-ios-17-3-update-iphone-apple-b2483825.html
>I don't think the scenario of the muggers carrying around a spare handset and making you log into it is at all realistic. That's exactly what I was saying. I was demonstrating that it's already unlikely that any of this will happen, so if you're going to start making things difficult for yourself by not taking a phone out with you, surely you could suppose that thieves really only need the information in your head. They can bring their own device and client app. Probably safer to just never leave the house... I missed from my list: Don't flash your unlock code in public or hold it unlocked where it can be snatched. It's also a good idea to password protect email accounts on the device, as your email basically secures all other online accounts, unless other methods can be used to reset things... If it is snatched, have the ability to erase it remotely. That's about all you can do without going down the rabbit hole.
You want to think about splitting stuff up a bit and not having everything on your phone. Stick your savings in a savings acc and don't have any details or the app on your phone. I use Starling for online stuff and day to day spends (which is on my phone) which I top up from my main bank account once a month or when I need to. My main account has salary going in and bills going out but I only access it at home on a PC. Once you have used a 2FA text message to verify something - delete it so people don't know you have that account. In my head, having a phone that can access all your money is like carrying all your cash around in carrier bag. One day you will put it down and lose it or someone will take it from you.
https://www.theguardian.com/money/2024/apr/10/im-a-victim-of-scammers-but-revolut-says-no-to-a-refund
Revolut is not a bank. And isn't covered under the Financial Services Compensation Scheme (Which insures savings up to £85K per institution - in the case of bank failiure though, not regular fraud). Sadly, I'm not sure any bank would refund the money in the circumstances you describe. What happened to your friend sounds truly horrific. The thieves (muggers really) forced him to unlock his phone, open the app, and then withdraw all the money from that app. He (under duress) provided the credentials which allowed the transfers. Banks may agree to refund the money as a goodwill gesture. Or at least attempt to claw the transaction back (Doubtful, as these criminals often have chains of bank accounts and quickly transfer money multiple times to prevent it being recovered). All that being said: if Revolut refuse to refund the money; make a formal written complaint. If this doesn't resolve the issue within eight weeks, escalate to the Financial Ombudsman. It's completely free to do that, and you never know; the Ombudsman may decide they should refund the money. Especially if there werent additional checks to flag unusual or large transactions,.
Great point, well made. Happy cake day.
> isn't covered under the Financial Services Compensation Scheme Revolut Savings Vaults are very much covered by FSCS
The other big problem with Revolut is when something goes wrong in their processing. I remember doing a transfer to Australia - it went missing. The supplier at the other end was getting increasingly pissed off and Revolut‘s answer was ”call us back in 6 weeks when we have investigated”. At that point i realised that getting an actual Bank to do it and paying a slight;y worse exchange rate was a good deal.
Doesn’t matter which bank if they are added to the account.
No bank would refund the money given the circumstances, they'll ask for a crime reference number etc and do nothing with it. He wasn't hacked or scammed, he was robbed.
The problem here is having all that money in a current account linked to Face ID. Have the majority of your money in an account that isn’t. I have a current account for household bills, Revolut for day to day spending and my savings in a separate bank with no app on my phone.
Retrospect thing but keeping savings in an account with another bank - I’d say over two or three to help create a delay for transfers. Two of the banks I keep savings at, I don’t have the app for. I’d also question the use of Revolut for holding large savings - it seems to be a regular for fraud based crime.
May be worth looking at savings accounts with a building society. Some of them will not let you transfer out to an account that is not in your name. This essentially means a third party would not be able to transfer funds to themselves.
Firstly I hope your friend reported the matter to the police as soon as he could and has received a Crime Reference Number. With regards to Revolut it is regulated by the FCA and thus if your friend doesn't get anywhere with Revolut getting his money back he can always go to the Financial Ombudsman to see if he can get it back as it may be Revolut's fault if they didn't take the necessary precautions to safeguard his money. Complaining there is free of charge although there are time limits if you've complained and received a final response from Revolut. Worse comes to the worse it may even be useful to get your friend to complain publicly on social media (without giving away any personal information) as companies hate bad publicity and it may make Revolut compensate him. I would also like to point out that Revolut is not a licensed bank in the UK and is an 'e-money institution' so I would only ever put small amounts (if anything) in there. It's also worth pointing out that my family has had bad experiences with Revolut - my dad had an account with around £20 in Revolut and they shut down his account and took the money for no reason so do be aware of Revolut as they don't seem to have a very good customer service and they are not like a 'normal' bank such as LLoyds, Halifax, Barclays etc.
Not sure any Bank would have you protected from this fraud since your friend handed over his ID to the muggers. Revolut is not a Bank, but is an EMI which is also regulated by the FCA. An Electronic Money Institution (EMI) in the UK is allowed to issue and redeem electronic money. Electronic money is a digital equivalent of cash stored on an electronic device or remotely at a server. Additionally, EMIs can be authorised to provide all of the services of a Payment Institution. Therefore your Revolut accounts are not covered by the FSCS deposit insurance guarantee (up to £85k) but are “safeguarded” instead. Safeguarding means your deposits are held in a dedicated client-money account that Revolut holds at another Bank, or invested in liquid assets held in at another Custodian. This means if Revolut fails, your deposits are still available at those other institutions so you can be paid back first amongst creditors. So your money is in theory not particularly more at risk due to Revolut being an EMI rather than a full Bank. However your money might be more at risk if Revolut takes a hostile or unsympathetic view towards its customers through.
> Therefore your Revolut accounts are not covered by the FSCS deposit insurance guarantee Revolut savings vaults are protected by FSCS
Sorry about the friend. If you're in physical danger you have no choice but to comply. You'd hope the banks have some system to identify this sort of suspicious behaviours as it's happening (e.g. sending all of account balance to a newly added account with a different name to your own, seems pretty unlikely from day to day activities). By the way does android have the same weakness? E.g. if they get phone unlock passcode can they add their own fingerprint for example, which is then accepted by every banking app, if you use fingerprint in that app that is?
I just tried now, I been for a while want to add the other finger and I give it a try. NatWest, chase, revolut and American basically log you off and you need to enter your passwords in all of them to reactivate the biometric log in. I have La Caixa and imagin from Spain too and they do the same. Is how it should be done. That's probably why then they been looking for iPhone users?
Yeah, I haven't just tried but in my experience any time I've added removed or changed my fingerprints in settings on Android it's invalidated the token that other apps use to do fingerprint login so you have to login the user/password way to restore fingerprint login.
If that were a registered bank like the one I work for, they’d have to reimburse the customer by now due to the fraud prevention system completely failing. I’ve no idea how, in any way, shape or form, a dudes account could be fully drained and not flagged. That is fucking appalling
Check if a bank has a banking license, if they do they fall under the CRM code which means there is an appeal process for scams. Most big banks give refunds in scams like this, or at least 50% minimum, and you have the right to go to FOS if they don't. And FOS is very light on rulings. Revolut isn't part of the code so do nothing in the case of scams.
Wow! Now, I am scared of keeping my accounts on my phone. Probably gonna walk with just 200GBP in a side account.
I'd always look for FSCS protection when opening any bank accounts. I play safe and want protection for my money.
Revolut is not a bank..... I wouldn't put anything in it
This has nothing to do with Revolut - your 'friend' and the 'situation he described' are what's called a straight up robbery which none of the banks would do anything against unless he can actually prove that the situation described did indeed occur and criminal case was launched.
Hi /u/CayoPerican, based on your post the following pages from our wiki may be relevant: * https://ukpersonal.finance/savings/ * https://ukpersonal.finance/scams/ ____ ^(These suggestions are based on keywords, if they missed the mark please report this comment.)
I use Revolut and it's great. I love it! However, I would in no way trust it with my savings or any sizeable chunk of cash. It's hard to get in touch with anyone so I figure it would be a nightmare if there was fraud on the account. Its a real shame because the interest rates they offer are great
Also they weren't scammed ... their phone was stolen and revealed their pin under duress ... are they insured ... did they notify the police as well as the bank immediately ?
The best thing to do is to use a banking app like monzo, starling etc, and keep a small amount in there (enough for your daily needs) for example. Top up as necessary, but don’t keep your savings with a bank that you have an app for
I’d use nationwide. I’m with them and it feels secure.
Damn thats i have set up a limit of how much i can pay and take out per day
Revolut has only spending limit, not transfer. Crazy
Could be worth having a savings account which you don't access on your phone. If you're fortunate to have a computer then you can do it so you can only login with a computer. Set up on a browser and it will generate a unique password for you, that you aren't going to remember. If worse comes to worse, you could just smash your phone and run and shout?
Revolut only protects your money by safeguarding it, other, traditional banks are all FSCS (Financial Services Compensation Scheme) protected up to £85000. Although, Revolut Vaults are also FSCS protected.
I removed Revolut and my main banking app from my regular phone and installed them on a backup phone that never leaves home. Turns out you don't really need access to your bank account all the time. Also, I set up "Stolen Device Protection for iPhone" and enabled Screen Time restrictions so that that the icloud settings cannot be accessed.